Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings

Who’s reading your email?

By Lee Teschler | June 8, 2022

Share

Teschler on Topic

Leland Teschler • Executive Editor
[email protected]
On Twitter @ DW_LeeTeschler

There was a brouhaha recently on Twitter and Reddit regarding the Dutch telecom company KPN. Some of KPN’s central network equipment was made by the Chinese telecom equipment maker Huawei. An investigation found that Huawei had uncontrolled and unauthorized access to the core of the KPN mobile network, giving Huawei access to sensitive information including conversations and telephone numbers of Dutch political leaders and intelligence service officers.

The disclosures in the Netherlands are sobering. Jacob Helberg, who formerly led Google’s internal efforts to combat disinformation and foreign interference, sums up the concerns this way: “Political control is no longer determined merely by boots on the ground, it’s determined by wires in the ground. Imagine what might happen if a foreign adversary LTeschlerTHgovernment knew the entire medical and personal history of every politician, every judge, and every journalist including all their sexual escapades, all their mental weaknesses, and all their corrupt dealings.”

But entities with nefarious intentions needn’t bother with building backdoors into telecomm equipment. They can program ordinary internet hardware to accomplish the same goals. This is the lesson learned from a stunt pulled by China Telecom (CT) in 2016 and 2017, as described by researchers from the U.S. Naval War College and Blavatnik Interdisciplinary Cyber Research Center.

The caper involved what’s called the Border Gateway Protocol (BGP), basically a listing of the next—and closest—network system routers for a given internet packet. The BGP lets routing equipment send messages via the shortest possible route. Thus to hijack network traffic, bad actors can simply install a bogus BGP list that routes traffic through networks they own.

Researchers say that in 2010 CT used a BGP hijack to route 15% of all internet traffic for 18 minutes in what is believed to be both a large-scale experiment and a demonstration of Chinese capabilities in controlling internet flow.

BGP hijacking was facilitated by the fact that CT once had eight PoPs (point of presence) in the U.S. and two in Canada. A PoP consists of high-speed telecom gear that lets ISPs and their users connect to the internet. Researchers say CT used its PoPs to hijack domestic U.S. and cross-U.S. traffic and redirect it for about six months in 2016. In one case, CT hijacked routes from Canada to Korean government sites and routed traffic through China. Though the shortest and normal route goes from Canada to the U.S. to Korea, the hijacked route started at the CT PoP in Toronto, then was forwarded inside the CT network to a CT PoP on the U.S. West Coast, from there to China, and finally to Korea. The same pattern repeated later for shorter durations.

Researchers also report that traffic from several U.S. locations to a bank headquarters in Italy was hijacked in 2016. The normal route would have been from Houston to the Washington D.C. area to Italy. Instead, it went from Houston to a CT PoP in Los Angeles and then to China. But the attackers seemed to have trouble routing traffic inside the Chinese network. Ultimately, the Chinese seemed to give up and the traffic never arrived.

And CT didn’t just divert domestic U.S. traffic. Researchers found that in 2017 traffic from Sweden and Norway to the Japanese network of a large American news organization was hijacked to China for about six weeks. The hijack started with a CT PoP in Maryland and was forwarded to a CT PoP in California, then went to China and Hong Kong before reaching Japan. “By no stretch could this period of disjointed routing have been accidental,” conclude the researchers.

Perhaps no surprise, the U.S. kicked Chinese PoPs out of the country last year. Meanwhile, these revelations are vindication of sorts for conspiracy theorists who think the government is trying to read their email: This might be true, just not for the government they had in mind. DW

You may also like:

  • hiring engineers
    The real reason for hiring engineers
  • PoF
    The physics of failure
  • LTspice
    Best free analog circuit simulators
  • engineers and innovation
    Most engineers aren’t innovators
  • PCB mills
    Basics of printed circuit board milling machines

Filed Under: Commentary • expert insight, ALL INDUSTRY NEWS • PROFILES • COMMENTARIES

 

Related Articles Read More >

engineering in plain sight
Book review: A plain explanation of every day engineering
Hirschtick on the cloud, CAD, and the future
china-manufacturing-future-image
Is China’s manufacturing future in trouble?
hiring engineers
The real reason for hiring engineers

DESIGN GUIDE LIBRARY

“motion

Enews Sign Up

Motion Control Classroom

Design World Digital Edition

cover

Browse the most current issue of Design World and back issues in an easy to use high quality format. Clip, share and download with the leading design engineering magazine today.

EDABoard the Forum for Electronics

Top global problem solving EE forum covering Microcontrollers, DSP, Networking, Analog and Digital Design, RF, Power Electronics, PCB Routing and much more

EDABoard: Forum for electronics

Sponsored Content

  • Renishaw next-generation FORTiS™ enclosed linear encoders offer enhanced metrology and reliability for machine tools
  • WAGO’s smartDESIGNER Online Provides Seamless Progression for Projects
  • Epoxy Certified for UL 1203 Standard
  • The Importance of Industrial Cable Resistance to Chemicals and Oils
  • Optimize, streamline and increase production capacity with pallet-handling conveyor systems
  • Global supply needs drive increased manufacturing footprint development

Design World Podcasts

June 12, 2022
How to avoid over engineering a part
See More >
Engineering Exchange

The Engineering Exchange is a global educational networking community for engineers.

Connect, share, and learn today »

Design World
  • Advertising
  • About us
  • Contact
  • Manage your Design World Subscription
  • Subscribe
  • Design World Digital Network
  • Engineering White Papers
  • LEAP AWARDS

Copyright © 2022 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings